demonware

General

Target

goodboy.exe
Size

12.1MB
Sample

200620-ncbrpw8ghn
MD5

1b22279fe6e9f33894e8a508974cd6b2
SHA1

2b8ed32f30f31f374f6daf74a5b2e85aba3368ba
SHA256

0910456e5d69a28324c97646aa0c628851323bf7785d641c702a200a6046f0f5
SHA512

e9f39a0ce3324c00efe5cfe8ed17471f53fe45c79683c253f3cb6ed5aba38df3d25e4befd8ac7081c40667c820de7fb284f583bc8e1a1db131033fe7344d54a7

Score

10^/10

demonware ransomware

Malware Config

Extracted

Path

C:\Users\Admin\Downloads\README.txt

Ransom Note

Sepertinya Anda terkena Malware Bernama DemonWare Jangan Khawatir, kami mempunyai Semua file yang kamu punya DemonWare uses a basic encryption script to lock your files. This type of ransomware is known as CRYPTO. You'll need a decryption key in order to unlock your files. Your files will be deleted when the timer runs out, so you better hurry. You have 10 hours to find your key C'mon, be glad I don't ask for payment like other ransomware. Please visit: https://kontrolservermalwareransomware.com and search for your IP/hostname to get your key. Kind regards, Malware Author

URLs

https://kontrolservermalwareransomware.com

Targets

- Target
  
  goodboy.exe
- Size
  
  12.1MB
- MD5
  
  1b22279fe6e9f33894e8a508974cd6b2
- SHA1
  
  2b8ed32f30f31f374f6daf74a5b2e85aba3368ba
- SHA256
  
  0910456e5d69a28324c97646aa0c628851323bf7785d641c702a200a6046f0f5
- SHA512
  
  e9f39a0ce3324c00efe5cfe8ed17471f53fe45c79683c253f3cb6ed5aba38df3d25e4befd8ac7081c40667c820de7fb284f583bc8e1a1db131033fe7344d54a7
Score

10^/10

ransomware demonware
- DemonWare
  Ransomware first seen in mid-2020.
  ransomware demonware
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Loads dropped DLL

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2